Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space DraftMASTDOCS and version 22.07
Excerpt
hiddentrue
Learn about MAST User accounts, how to establish them, and when they are needed.
Panel
borderColor#00617E
borderWidth2px
borderStylesolid

Anyone can use the MAST tools to search for hosted data. However, certain services and data require a MAST account. This article describes the means to establish an account, and to obtain authorizations where needed.

On this page...

Table of Contents
maxLevel2
indent24px

Anonymous Use

Anyone can use MAST interfaces to search for hosted data; anonymous users may preview and retrieve any publicly-available data. You do not need a user account to access most data, documentation, or the Archive Help Knowledge Base. If you have a MyST account, using the Login feature in MAST web tools is optional for public data.

Protected Data

Be aware that recent data from active missions can be protected during an Exclusive Access Period (EAP). During the EAP the Principal Investigator and their team have the opportunity to analyze and prepare their data for publication, and only authorized and authenticated users may retrieve the data. After the expiration of the EAP (denoted by the Release Date in MAST interfaces), the data become accessible to everyone without restriction.  Metadata about observations that are under an EAP, such as coordinates, filters, exposure times, or footprints of the observations are available for anyone to see, including anonymous users.

EAP data can be queried from the MAST Portal, from the Hubble search interface, or from a MAST Application Programming Interface (API). EAP data are indicated in MAST interfaces in different ways, including the use of icons ().

User Accounts

User accounts enable MAST applications and services to authenticate individual users to the system. This is necessary only for some circumstances. Certain services also require prior authorization to use them, and authenticating via log-in is an essential step in that process.

Info

User accounts for MAST are managed by STScI's Single Sign-On (SSO) system. SSO allows you to use your MyST credentials to log on to certain web-based services at the Institute, including the MAST Portal, the HST search interface, the STScI Grant Management System (STGMS), and the Astronomer's Proposal Tool. Rather than have each service maintain separate user accounts, logging in through the SSO Portal means remembering only one username and password.

CasJobs Accounts

MAST's environment for supporting complex queries against large catalogs, CasJobs, requires a separate account which is not managed by STScI's SSO system. You may register for a CasJobs account.

Tip

If you have ever been a named Principal Investigator (PI) or Co-Investigator (Co-I) on an HST or JWST proposal, or have ever received a research grant managed by STScI, you probably already have a MyST account. You can verify whether you already have a MyST account with the MyST lookup tool by entering your email address. You may create a new account from the MyST home page.

Who Needs a MAST User Account?

User accounts are only needed for certain purposes, as described in the sub-sections below. Logging in to one of the MAST applications will authenticate your identity during the lifetime of your MAST session.


Portal login menu

Login: Be sure to log in to the MAST application before attempting actions that require authentication. The appearance of the login menu differs depending upon the application. After login it is possible to access information about your MyST account.

If you were logged in to MAST when you elected to stage data on the ftp staging disk at archive.stsci.edu, use your MyST credentials to log in to the ftp session.


MAST Log-out button

Log-out: If for security reasons you must log out of a Portal session (e.g., if you are obliged to share your workstation), there is a two-step process:

  1. Go to https://auth.mast.stsci.edu/sessions. That page will contain an entry for each active MAST session for which you are logged in. Click the Log Out button to terminate the session in question.
  2. Visit the SSO portal to log out of the MyST system: https://ssoportal.stsci.edu/idp/profile/Logout.

If using a public computer, it is general best-practice to clear your browser's cache after you log out.  MAST strongly recommends doing so after signing out of MAST applications from a shared computer.  Web browsers (e.g., Microsoft Edge, Firefox, Google Chrome, Safari) will have instructions on how to clear your browser cache.

Tip

Another option when using a shared computer is to use the Private Browsing option in your web browser (Google Chrome refers to this as "Incognito").   Logging out would be as simple as closing the browser session. The next user can then also open the browser with Private Browsing / Incognito to start a fresh session.


Subscriptions to Data

Subscribing to data notifications for active missions requires a log-in. You may subscribe to be informed when data are first received in the Archive, are reprocessed for some reason, or have become public. 

Tip

Currently, subscriptions for data notifications are only available through the MAST Portal.

Anchor
Access_EAP
Access_EAP
Accessing EAP Data

Previewing and retrieving EAP protected data requires both authentication and authorization. EAP data can be accessed from the MAST Portal, from the Hubble search interface, from the ftp server staging disk at archive.stsci.edu, or from a MAST Application Programming Interface (API).

Data Authorization

Principal Investigators (PIs) for approved observing programs with HST or JWST are automatically authorized to access data from their program(s). 

Image RemovedMyST action panel after loginImage Added

MyST Manage EAP data access pull-downImage Added

Each PI must, for each active program, authorize access for Co-IsInvestigators and other collaborators using the MyST interface. (This does not apply if the EAP for a program has expired.) To do this, log in :

  1. Go to MyST and click the
"Manage" panel to search for users for whom to authorize access.
  1. Launch button in the Registered User panel to login
  2. Click the Launch button in the Update panel to modify your user settings (shown in the figure at left)
  3. Select the Manage Access to Exclusive Access Science Data menu, then click the relevant program to add users
Tip

You can also use the MyST interface to change your password, or to update other information in your user profile.

Note

Each user whom PIs wish to authorize for access to EAP data must have an existing MyST account. Co-Is and other collaborators should create a MyST account if they do not already have one.

Accessing JWST Engineering Data

Currently access to JWST Engineering data is restricted to authorized individuals. Log in to the Engineering Database Interface, or use an Auth.MAST token with the Engineering Database API.

Using the MAST HelpDesk Portal

The MAST HelpDesk Portal provides links to certain MAST resources, and after logging in you can submit requests for assistance and track the responses to your questions. 

Tip

Using the HelpDesk Portal is optional.  You may instead simply send e-mail to archive@stsci.edu.

Auth.MAST Tokens

MAST also offers API token authorization for programmatic access to EAP data.  Users with a MyST Account can find instructions on creating and using these tokens on the auth.MAST documentation page.  With a valid token in place, authorized users will then be able to retrieve MAST EAP data through Astroquery or cURL scripts. See the video on Using Auth.MAST Tokens in the Demos and Tutorials chapter of the Portal Guide. The steps are simply:

  1. Navigate to the Tokens page and click the Create Token button.
  2. Record the long, alpha-numeric string in the environment variable $MAST_API_TOKEN, preferably in your .bashrc  or equivalent shell file.
Note

Be aware that API tokens expire after 10 days of inactivity or 60 days after creation, whichever comes first. Users experiencing difficulty with existing tokens should try generating a new one.